Behavioral task
behavioral1
Sample
1100-57-0x0000000000170000-0x00000000001DF000-memory.dll
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1100-57-0x0000000000170000-0x00000000001DF000-memory.dll
Resource
win10v2004-20220414-en
General
-
Target
1100-57-0x0000000000170000-0x00000000001DF000-memory.dmp
-
Size
444KB
-
MD5
7de591e789330b7e552afc08dfa10db6
-
SHA1
c633f35133aaaabf33e3715f6c96c2009775f328
-
SHA256
c0c459564513d0d1885e1d9a9ec3b452b805c95b81a91b2fd1b51176c0f49f58
-
SHA512
fbcb92d37c865a9726e7d0e208c567dc38566ab2260f8d89e31c8cf6c8305b8b9f23af9d6de982f38e09274ef142855023af8295400d437db9082d1ab575f3cf
-
SSDEEP
768:A2M1D05UC2Tm8lVvby2AZLKuFjoaHddrJ6271EPs1hSe7cBVksMPyx2:G1K2Tm8lVA5pVddIZP6se4Hs
Malware Config
Extracted
gozi_ifsb
3000
config.edge.skype.com
194.76.226.15
109.230.199.114
-
base_path
/drew/
-
build
250235
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Signatures
-
Gozi_ifsb family
Files
-
1100-57-0x0000000000170000-0x00000000001DF000-memory.dmp.dll windows x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 604B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 1024B - Virtual size: 732B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 29KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ